Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
Max CVSS
2.1
EPSS Score
0.37%
Published
2011-02-28
Updated
2021-02-25
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
Max CVSS
4.0
EPSS Score
0.24%
Published
2011-02-28
Updated
2021-02-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.
Max CVSS
6.8
EPSS Score
0.30%
Published
2012-06-04
Updated
2021-02-25
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
Max CVSS
7.8
EPSS Score
0.09%
Published
2020-02-21
Updated
2021-02-25
In all versions of AppArmor mount rules are accidentally widened when compiled.
Max CVSS
9.8
EPSS Score
0.21%
Published
2019-04-22
Updated
2021-02-25
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Max CVSS
6.5
EPSS Score
0.04%
Published
2017-02-07
Updated
2021-02-25
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.
Max CVSS
3.3
EPSS Score
0.07%
Published
2017-02-03
Updated
2021-02-25
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
Max CVSS
5.9
EPSS Score
0.69%
Published
2017-03-02
Updated
2022-10-17
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
Max CVSS
7.5
EPSS Score
0.53%
Published
2017-07-17
Updated
2021-03-04
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
Max CVSS
6.5
EPSS Score
0.15%
Published
2017-06-26
Updated
2021-02-25
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Max CVSS
7.8
EPSS Score
0.37%
Published
2017-07-11
Updated
2023-04-12
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Max CVSS
7.5
EPSS Score
0.10%
Published
2018-01-16
Updated
2021-02-25
LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.
Max CVSS
6.5
EPSS Score
0.10%
Published
2018-04-21
Updated
2021-03-15
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
Max CVSS
8.8
EPSS Score
0.93%
Published
2018-05-26
Updated
2021-03-15
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).
Max CVSS
6.5
EPSS Score
0.17%
Published
2018-10-08
Updated
2021-03-15
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
Max CVSS
9.8
EPSS Score
1.42%
Published
2019-05-17
Updated
2022-02-20
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
Max CVSS
7.1
EPSS Score
0.21%
Published
2018-08-20
Updated
2021-02-25
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
Max CVSS
6.5
EPSS Score
0.20%
Published
2019-01-16
Updated
2021-03-04
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.
Max CVSS
6.5
EPSS Score
0.31%
Published
2019-01-16
Updated
2021-03-04
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.
Max CVSS
3.3
EPSS Score
0.11%
Published
2020-10-27
Updated
2021-03-15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!